2 hours 42 minutes
Hello and welcome to the office. 3 65 migration primer course.
Miami's Jim Daniels and on your instructor
Today we're starting model for stains on, and we're gonna go over the exchange on overview.
In today's lesson. We're going to go over permissions. In exchange. Talked to Mel. Boss is available in exchange security and compliance features monitoring, auditing tools and Mel Flow options for exchange alarm,
Extend Salon and essential Improve Used role based access control that he's that is a for Mr Model or back.
Each roll group has a set of pre defined permissions.
New role groups can be created and customized as needed for the organization.
One thing. Keeping modeling permissions
the tenant Global admin is also, by default the exchange online admin.
Here's some of the commonly used role groups in exchange, along with help desk.
The key thing about the help desk Robur is they can view or modify. I open the Web options for all users.
Think of this as compliant settings. You can run searches on mailbox,
so if you ever need to do any sort of open records, you discovery any of that. The Discovery management role was needed organizational management.
That's admin over change, along with the exception of Discovery.
So if you want somebody tohave
exchangeable on admin roles, but you don't want them involved in searches and running different compliance configuration settings give them organizational management role
recipient management role.
These users can create or modify exchange align recipients.
Pretty sure you four on that one. Records management.
These users can configure compliance settings and mel flow rules, so Discovery Management they can configure compliance settings. Records management conduce that, plus Mel Floral Records management does not have the ability to run the searches of services in the mailbox
view. Only organizational management.
They can view the properties of any exchange of one object. This is the look, but don't touch kind of roll over.
Let's take a look at some of the roles and exchange alarm.
So let's look at the recipient management who can see the individual rules that compose
My team mailboxes, for example.
Now let's look at adding in your old Bert,
you set scope and set individual roles.
Here we can kind of pick and choose what roles we want this custom roll group to have the ability to perform,
and we're going to choose address list.
We could give it a name.
Schoop's default, and now we can add a member
to assign that role to
We're going to take a member Paisley.
So now she will be assigned to this role
hit a basis. Settings.
There we are
the tops of exchange, Alana recipients that you'll have availability is a user group Resource shirt, no box and public folders.
Use a recipient is a user mailbox or mail contact. A Mel contact is Mel enabled directory object that has a external email address.
A lot of times, people will do this if they have a non hosted or third party email address for a certain user or a person important within their directory will create a Mel. Contact said That way there that appears in the address list
glued recipient types.
You have a distribution group that sends an email to each member of the group dynamic distribution. The same is the distribution, said Membership is based on a query.
Mellon Able Security
is a distribution group,
and you can assign resources to it.
Unifying group That's a combined collaborative tools with a destro shared hybrid type mailbox Unified Group that is a newer office. 3 65 Cloud based Bert.
Here's a comparison for some of the groups that we just went over.
You see distributes messages to members. All of them do that. The unified group that doesn't if they're subscribed to that group.
If not, they will have to go and see those messages in the room.
New member See historical messages distribution. You only see what was sent to the address from the moment you joined
Unified Group. You can actually see everything all communications and conversations that happened prior to the members online.
Does it come with a group calendar?
The unified group does
the others simple distribution groups and do not
So users or group members are manually added. That will be yes. With the exception of dynamic Destroyed.
There is a new feature with a unified group where you can do a unified group based on a dynamic as a raid. Eager
the resource recipient type.
This is a special kind of mailbox has customizable logic, which does open booking approval. You prevent double booking, can't even say your booking time.
The two common resource recipient boxes or is a room mailbox and equipment mailbox, so room mailboxes assigned to specific location. And this is how most organizations keep track of who books, what room, what conference room at what time
That is when multiple users share a common mailbox and exchange calendar. The users act as delegates. Access is based on the delegation list. It is not have a password.
Compliance settings can be applied to share mailboxes.
The big thing will share mailboxes is they don't consume an extra license,
and there are no passwords.
So again, a user does not have to remember a second password just to access a non user type of mailbox. Public folders that's a shared access with the easy way to collect, organize and sharing info with a reward group or organization
has a limited functionality without looking to let on the Web.
It does not provide some of the functions that SharePoint does. My opinion is,
unless you absolutely, for a reason require a public voter. I would not migrate them,
and I would not create them. In exchange on, I will go exclusively with SharePoint and a unified group. If you need this type of work environment
so get some of the consecutively and compliance features with change online.
Some of the features available. You have encryption litigation, whole journaling, archive mailboxes, content serves and data loss prevention for encryption. TLS 1.2 is used as a standard encryption during transit. Bit Locker is used in with that at risk in the market. Self Data Centers
BET Locker, you know, Laws A S to 56 bit. Standard
additional options you have for encryption s mine Secure Multipurpose Internet Mel of sessions and over the ME office message. Encryption
office message Encryption combines email, encryption and rights management capabilities.
It does a complete encryption identity and authorization model
To use office message encryption. You have to have some form of as your information protection,
which is available in the Enterprise and Mobility Security Sweets or you quarrel. License has to be a E three or higher.
All users have the ability to open a office message. Encrypted message is to create that you have to have a certain licence.
There's a diagram that looks at message encryption within Officer 65.
Yet the sender.
When they send something, it goes through the policies and the rules
if it triggers one. The Rose and force
the tenant configuration data and key
is attached to it.
It does it a recipient.
When the recipient receives it. They view a sandbox messaging portal,
and they can either authenticate with their existing Microsoft account office 3 65 organizational account, love dot com account or another Federated accounts such as gmail dot com.
For this quiz, I would like to know what is encryption standard used by Officer 65 for messages and transit.
Is it triple? Does TLS one own TLS 12 or bluefish?
The correct answer is TLS one to litigation. Hold
the litigation. Whole retains all content in the mailbox Thoma hold until the holy ends.
So even if a user device a message
if their boss is under hold, it still stored in a special folder for Discovery.
It requires exchange plan to
which comes with the core E three and E five exchange licenses.
Litigation holds a valuable troubleshooting tool. If you're doing something toe where you may
negatively impact the integrity of the mailbox or in May delete messages where you may place it in, a unrecoverable state is always recommended to take that user make sure they're assigned 83 or 85 put their mailbox on litigation whole prior to taking those troubleshooting steps.
Litigation hold has got me out of many jams.
Content search. So continents are replaced. Each discovery. When Office 3 65 in exchange along, first came out, he discovery Was there
constant search ISMM or of a unified discovery search? It searches across the entire tenant,
so not only exchangeable on it also rolls into SharePoint one drive teams.
You can start about query, keywords and different actually values.
It is part of the Security and Compliance Center,
and Cory five comes with advanced discovery features. So content search
works all across the board. On all user level level types. However, Cory five has some additional discovery features.
Data loss prevention. That's a huge buzz work right about now.
And let's take a look at what type of deal P configuration options that exchange Alon Officers, 65 has
with the deal p. In exchange along, you can apply policies and actions
to those messages containing sensitive information
you can use. A Microsoft template will create your own for a customization.
Mel Tips of Arad action justifications of some of the options,
and they are applied with Mel Floyd. Rules for DLP requires exchange plan to which is Courtney 3 35
in a new unified DLP models coming to Security Compliance center.
So they're taking the deal. P. And they are using those protection and prevention policies, and they're extending the out from Just exchange a lot, just like with E Discovery, where went to content search deal peas doing the same thing. It's going to be a unified engine that runs
across all of your
3 65 10
for monitoring and our parting tools.
We have some admin logging. They, uh, audit in log e change may bind at man mailbox logging when the mailboxes access
their basic artists with an exchange online and in center.
There's unified artists in the Security and Compliance Center
to Cloud. Have security broker. I could do an entire lesson. Just on this is a comprehensive a p R. Driven discovery in activity log sweet.
It comes with the enterprise mobility and security lessons.
Corti five. Or you can get the cloud of security broker added Alicorp. You see here from the screen shot, we have
it really gets into detail.
One events. So with this one here, you can see that they move messages to delete items folder. You can see the person i p the date device type.
You see a whole slew of information that it really helps you paint the total picture of what happens within your ex angel on environment.
Melford transport rules.
These are triggered based on certain message parameters.
If then logic is used and you can customize the triggers in the actions
the lazy exchange Admin loves transport rules
because you can use them to minute
You can use him to mimic policies that will be in a security compliance center,
and it seems a lot
so one of my challenges to U as an exchange, Alon Man Strader is
to always look at out of the box
and look at policies. Procedure tools such as deal P
content, search and things in your security compliant center. Always look there first, so you aren't creating
a rule that you can already manage with a feature that's available,
you can use the mail for the transport rules for really creative solutions.
So in recap,
standard encryption for change on on includes TLS 1.2 in transit and Built locker wishes the data at rest.
For all of messages,
various recipient types are available. We talk about different groups. We're talking about users. Resource boxes share mailboxes.
Additional security and compliance tools are available,
depending on your licensing. So again, this is the cost. Forces benefit dependent When you're Lawson's in your environment. Mayor Main It may or may not make sense to immediately add and a possibility and security so you can get that extra security compliance that your organization may require.
Like to thank you for taking time out of your schedule to join me
on this class. And I hope to see you with the next one. Thank you.